Any client with the correct target network address and port may send requests to the server, regardless of whether the requests are valid or invalid, and the server must respond to each request. A remote client machine providing a malicious attack or having a non-malicious, internal program logic failure looping condition floods the server with invalid requests that are quickly rejected or repeats the same valid request that requires normal processing. Alternatively, a client application may be designed to periodically download a large subset of the server database with many requests in a short period of time (i.e., in a batch application). Under the aforementioned conditions where high transaction rates exceed the capacity of the server, other legitimate client requests do not obtain access to the server within a reasonable timeframe, effectively making the server unavailable to the rest of the client community. Conventional network monitoring tools detect denial of service attacks, but the tools detect transaction rates at levels that are higher than the transaction rates that overwhelm server applications. Further, each transaction in the client-server environment is a single entity and there is no inherent affinity or memory from one transaction to the next, thereby making it difficult to distinguish a recursive condition sent from one or a few particular clients from the general high traffic from the rest of the client community. Still further, conventional monitoring tools associate transaction rates with a single form of transaction identification (e.g., the IP address of the client machine), and therefore overlook excessive transaction rates related to other forms of identification. Moreover, known network monitoring tools are inflexible because they are limited to responding to excessive transaction rates only through a denial of access. Thus, there exists a need to overcome at least one of the preceding deficiencies and limitations of the related art.